search

jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0
867 stars 46 forks source link

Fails with ip6tables unknown reject type "icmp-net-unreachable" #139

Open ioogithub opened 2 years ago

ioogithub commented 2 years ago

This is my first attempt. I ran vopono sync successfully however vopono exec does not work:

$ vopono exec --provider mullvad --server norway "curl ifconfig.co/country" --protocol openvpn
 2022-02-20T00:53:06.874Z INFO  vopono::util > Calling sudo for elevated privileges, current user will be used as default user
 2022-02-20T00:53:07.087Z INFO  vopono::util > Chosen config: /home/user/.config/vopono/mv/openvpn/norway-no.ovpn
 2022-02-20T00:53:07.100Z INFO  vopono::netns > Created new network namespace: vopono_mv_norway
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  full          enabled  enabled  enabled  enabled 
 2022-02-20T00:53:07.307Z INFO  vopono::netns > IP address of namespace as seen from host: 10.200.1.2
 2022-02-20T00:53:07.307Z INFO  vopono::netns > IP address of host as seen from namespace: 10.200.1.1
 2022-02-20T00:53:07.328Z INFO  vopono::openvpn > Launching OpenVPN...
Bind /etc/netns/vopono_mv_norway/openvpn.log -> /etc/openvpn.log failed: No such file or directory

...same line repeated 34 times ...

ip6tables v1.8.7 (nf_tables): unknown reject type "icmp-net-unreachable"
Try `ip6tables -h' or 'ip6tables --help' for more information.
 2022-02-20T00:53:10.715Z INFO  vopono::exec    > Application curl ifconfig.co/country launched in network namespace vopono_mv_norway with pid 44161
Bind /etc/netns/vopono_mv_norway/openvpn.log -> /etc/openvpn.log failed: No such file or directory
Norway
 2022-02-20T00:53:12.303Z INFO  vopono::netns   > Shutting down vopono namespace - as there are no processes left running inside

Platform: Raspberry Pi 4B

$ uname -a
Linux raspberrypi 5.10.92-v8+ #1514 SMP PREEMPT Mon Jan 17 17:39:38 GMT 2022 aarch64 GNU/Linux
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian

OpenVPN is installed:

$ sudo apt install openvpn
openvpn is already the newest version (2.5.1-3).

I can see the openvpn logs here: grep vpn /var/log/syslog

Not sure what I am missing here.

jamesmcm commented 2 years ago

Could you try running it with verbose logging and without the killswitch?

$ vopono -v exec --provider mullvad --server norway "curl ifconfig.co/country" --protocol openvpn --no-killswitch

Also you might be able to try nftables too (just install nftables).

tschan commented 8 months ago

I'm not OP but I have the same problem. Running your test command results in the following log: https://gist.github.com/tschan/643ae522d5768d5df6f19f9364c4e6aa

OS: NixOS 24.05.20240210.d934204 (Uakari) x86_64
Kernel: 6.7.4
Shell: bash 5.2.26
$ ip6tables --version
ip6tables v1.8.10 (nf_tables)
jamesmcm commented 8 months ago

Does it work if you run it without IPv6 : e.g.

$ vopono -v exec --provider mullvad --server norway "curl ifconfig.co/country" --protocol openvpn --no-killswitch  --disable-ipv6
tschan commented 8 months ago

Using --disable-ipv6 indeed fixes the error message. As I don't need ipv6 I will just use that. Thanks :)